
Can botnets and email spoofing be stopped using the same methods?

I am trying to write and report on botnets and email spoofing for my boss, but I am confused on whether they can be defended against in a similar manner in a network.
Phil Mapfumo
2 Solutions
Email spoofing would be a method of delivering malicious software to a machine in order to add that machine to a botnet. The botnet would in turn send out those spoofed emails.
Email spoofing is now based more on social engineering than anything else: trying to convince the recipient of the spoofed email message that it is legitimate.
The best defense against any email-based threat would be to never open an email from someone you don't know. Use a web-based email service and have scripting turned off in your browser when you are viewing your email. The web-based email services provide some filtering and scripting protection, but running Firefox with the NoScript plugin gives you control of what scripts can run in your browser.
With scripting on, it only takes one click to become infected.
Check out the podcast Security Now with Steve Gibson; episode 221 covers some of this.
You can also search the episodes at http://www.grc.com/securitynow.htm
Hope this helps
Dave Howe, Software and Hardware Engineer, commented:
Well, they are different (but sometimes related) things.

Email spoofing is where the source of a message is deliberately faked; often not only the sender "From" address, but the original source as well (by adding additional faked routing lines to the headers, as though it had already passed through several systems before being relayed on).

Email spoofing is commonly associated with phishing (producing a fake email purporting to come from a bank or similar asking for your login details to be entered onto a website in order to gain access to your account)

Botnets are machines "infected" by software which allows the person who initiated the infection to execute programs on the machine without its owner's permission. Usually they will "report in" to a controller (often an IRC server) to obtain orders and updated code, but sometimes they have their own mesh network to avoid the authorities taking out an entire net by locating and removing the control site.

One infection vector (and there are many) is an email, spoofed or not. One use of a botnet (and again, there are many) is to send out spam or spoofed emails via the email credentials of the infected machine's ISP account.

Spoofed emails, virus emails and spam emails are the focus of an ongoing war between those who produce them and those who wish to remove them from the email stream. There are a number of products out there that attempt this, and their success varies literally from day to day. One example would be the IronPort email filtering host (which uses a combination of reputation filters, pattern matching and virus scanning to remove a significant proportion of bad mail), but that is just one example. Non-commercial offerings include things like SpamAssassin and ClamAV.

Botnets, however, are more a question of how you defend against an infected machine (of any type) on your own network: it's an internal host going outbound, rather than a perimeter defense. Usually this is approached by behavioural monitoring: attempts to send out email, communicate with other workstations and write files to them, or connect to IRC servers should be considered suspect (so intrusion detection/prevention here).
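As an added example (not part of the thread or of any product named above), the following Python script shows what "faked routing lines" look like and how to spot them in practice. It parses the Received: headers of a message and checks that each hop's "by" host matches the next hop's "from" host, compares the From: domain with the Return-Path domain, and pulls out the one fact an attacker cannot forge: the connecting IP that your own MX recorded in the topmost Received: line. The sample message and all host names and IPs are constructed for this example.

```python
"""Detect a forged Received: chain and a mismatched sender in an email.

Added example, not from the original thread. Only the topmost Received:
header (the one written by your own mail server) is trustworthy; every
line below it arrived inside the message and may have been typed in by
the sender. The sample message below is constructed for this example.
"""
import email
import re
from email.utils import parseaddr

# 'from <host> ... by <host>' inside a Received: header value.
RECEIVED_RE = re.compile(r"(?:^|\s)from\s+([^\s(;]+).*?\bby\s+([^\s(;]+)", re.S)
# Bracketed IPv4 literal your MX writes for the connecting peer.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed phishing sample: the two lower Received: lines were forged by
# the sender, and the hop chain does not join up (relay2 -> relay1).
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.bank.example (mx.bank.example [203.0.113.10])
    by mail.corp.example with ESMTP id abc123; Mon, 1 Feb 2010 10:00:00 +0000
Received: from relay1.bank.example (relay1.bank.example [203.0.113.5])
    by mx.bank.example with ESMTP; Mon, 1 Feb 2010 09:59:00 +0000
Received: from webmail.bank.example (webmail.bank.example [10.0.0.5])
    by relay2.bank.example with ESMTP; Mon, 1 Feb 2010 09:58:00 +0000
From: "Bank Security" <security@bank.example>
To: victim@corp.example
Subject: Please confirm your account

Click here to confirm.
"""


def parse_hops(msg):
    """Return [(from_host, by_host), ...], newest hop first (header order)."""
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())        # unfold the header
        m = RECEIVED_RE.search(text)
        # Local submissions may lack a 'from' clause; keep the slot as None.
        hops.append((m.group(1).lower(), m.group(2).lower()) if m else (None, None))
    return hops


def chain_breaks(hops):
    """Hops are prepended, so read bottom-up: the 'by' host of an older hop
    should be the 'from' host of the next newer hop. Return the mismatches
    as (newer_hop_index, expected_from, actual_from)."""
    breaks = []
    for i in range(len(hops) - 1, 0, -1):
        older_by, newer_from = hops[i][1], hops[i - 1][0]
        if older_by and newer_from and older_by != newer_from:
            breaks.append((i - 1, older_by, newer_from))
    return breaks


def sender_mismatch(msg):
    """Return (from_domain, return_path_domain) when they differ, else None."""
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_dom and rp_dom and from_dom != rp_dom:
        return from_dom, rp_dom
    return None


def trusted_peer_ip(msg):
    """IP of the host that actually connected to our MX (topmost hop only)."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    m = IP_RE.search(" ".join(str(received[0]).split()))
    return m.group(1) if m else None


def analyze(raw):
    msg = email.message_from_string(raw)
    hops = parse_hops(msg)
    return {
        "hops": hops,
        "chain_breaks": chain_breaks(hops),
        "sender_mismatch": sender_mismatch(msg),
        "trusted_ip": trusted_peer_ip(msg),
    }


if __name__ == "__main__":
    for key, val in analyze(SAMPLE_SPOOFED).items():
        print(f"{key}: {val}")
```

Treat the findings as scoring inputs rather than a verdict: mailing lists and forwarders legitimately produce a From/Return-Path mismatch, and not every relay writes a Received: line in exactly this form. The chain break and the recorded peer IP, however, are what a spam filter such as SpamAssassin feeds into its reputation checks, and they are the details worth citing in a report on spoofing.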
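The behavioural monitoring described in the last paragraph, as an added example that is not part of the thread: a small Python detector run over a constructed outbound connection log. It flags the three behaviours named above, a workstation sending mail directly to external hosts on port 25, a workstation contacting an IRC server, and a workstation fanning out to many internal peers on SMB (port 445). The log format, the internal address range, the MAIL_SERVERS allow-list and the fan-out threshold are all assumptions made for this example.

```python
"""Flag botnet-like outbound behaviour from a connection log.

Added example, not from the original thread. Input is a constructed,
space-separated flow log: '<epoch> <src_ip> <dst_ip> <dst_port> <proto>'.
Thresholds, the internal range and the mail-server allow-list are assumed.
"""
from collections import defaultdict
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
MAIL_SERVERS = {"10.0.0.25"}                    # assumed: may speak SMTP outbound
IRC_PORTS = {6667, 6697}
SMB_FANOUT_THRESHOLD = 5                        # distinct peers on 445 => suspect

# Constructed log: 10.0.0.25 is the real MX, 10.0.1.17 spams and beacons to
# IRC, 10.0.1.42 sweeps five neighbours over SMB, 10.0.1.99 just browses.
SAMPLE_LOG = """\
1265011200 10.0.0.25 198.51.100.7 25 tcp
1265011201 10.0.1.17 198.51.100.8 25 tcp
1265011202 10.0.1.17 198.51.100.9 25 tcp
1265011203 10.0.1.17 192.0.2.44 6667 tcp
1265011204 10.0.1.42 203.0.113.80 443 tcp
1265011205 10.0.1.42 10.0.1.50 445 tcp
1265011206 10.0.1.42 10.0.1.51 445 tcp
1265011207 10.0.1.42 10.0.1.52 445 tcp
1265011208 10.0.1.42 10.0.1.53 445 tcp
1265011209 10.0.1.42 10.0.1.54 445 tcp
1265011210 10.0.1.42 10.0.1.54 445 tcp
1265011211 10.0.1.99 203.0.113.80 80 tcp
"""


def parse_log(text):
    """Yield (src, dst, dport) from the constructed flow-log lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                       # skip malformed lines
        _ts, src, dst, dport, _proto = parts
        yield src, dst, int(dport)


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def detect(text):
    """Return {host: sorted list of finding names} for suspect internal hosts."""
    smtp_out = defaultdict(int)            # external SMTP from non-mail hosts
    irc_out = defaultdict(int)             # external IRC connections
    smb_peers = defaultdict(set)           # distinct internal SMB targets
    for src, dst, dport in parse_log(text):
        if not is_internal(src):
            continue                       # only our own hosts are in scope
        if dport == 25 and not is_internal(dst) and src not in MAIL_SERVERS:
            smtp_out[src] += 1
        elif dport in IRC_PORTS and not is_internal(dst):
            irc_out[src] += 1
        elif dport == 445 and is_internal(dst) and dst != src:
            smb_peers[src].add(dst)

    findings = defaultdict(list)
    for host in smtp_out:
        findings[host].append("direct-smtp")
    for host in irc_out:
        findings[host].append("irc")
    for host, peers in smb_peers.items():
        if len(peers) >= SMB_FANOUT_THRESHOLD:
            findings[host].append("smb-fanout")
    return {host: sorted(names) for host, names in findings.items()}


if __name__ == "__main__":
    for host, names in sorted(detect(SAMPLE_LOG).items()):
        print(f"{host}: {', '.join(names)}")
```

The same three rules translate directly into an IDS/IPS policy: block port 25 outbound from everything except the allow-listed mail servers, alert on IRC ports leaving the network, and alert when one workstation touches more than a handful of peers on 445 in a short window. The allow-list matters; without it the real MX would be the noisiest "bot" in the report.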